Re: [Emerging-Sigs] Reliability of signatures

[Matt Olney <molney () sourcefire com>]

No, Google got hacked because of a spear phish that sent them to a html page
that included an exploit vs. IE(6!?).  That isn't SPAM, nor is it possible
to detect, from a generic perspective, spear phishing emails.  The IDS,
hopefully, would alert on the return from the web server with the malicious
web page.  (Although in this case it was a 0-day).

Email isn't the attack, email is the deliver system or, in the case of
"click this link to get owned" the social engineering side.  The attack is
against a file format vulnerability.

On Thu, Feb 10, 2011 at 10:02 AM, Michael Scheidell <
michael.scheidell () secnap com> wrote:

>  On 2/10/11 9:55 AM, Matt Olney wrote:
>
>  Also, SPAM isn't an IDS issue, at least from my point of view.  I worry
> about malicious, not asinine.
>
> but then again, google got hacked into due to spam their engineers opened
> ;-)
> and, in fact, most of the external hacks today happen due to insiders
> opening spam.
>
> if you lock down the whole network, put in ids/ips, application firewalls,
> do vul scans, application web scans, sem's, everything..
> you still have the lusers opening up fed ex recipients that are unknown
> viruses.  spammed to them.
> malicious?  you bet!
>
>
>
>
> --
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> ISN: 1259*1300
> > *| *SECNAP Network Security Corporation
>
>    - Certified SNORT Integrator
>    - 2008-9 Hot Company Award Winner, World Executive Alliance
>    - Five-Star Partner Program 2009, VARBusiness
>    - Best in Email Security,2010: Network Products Guide
>    - King of Spam Filters, SC Magazine 2008
>
>
> ------------------------------
>
> This email has been scanned and certified safe by SpammerTrap®.
> For Information please see http://www.secnap.com/products/spammertrap/
> ------------------------------
>
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users